Hybrid digital rights management system and related document protection method

ABSTRACT

A hybrid digital rights management (DRM) system includes a hybrid digital rights management server (RMS server) connected to first and second RMS servers and a client computer. The hybrid RMS server stores a policy mapping table that maps its DRM policies to remote DRM policies on the first or second RMS servers, and can also create policies that satisfy the schema requirements of the first or second RMS server using policies stored in the hybrid RMS server. When the hybrid RMS server receives a document protection request from the client computer, it extracts the filename extension for the document to be protected, and uses the filename extension to select one of the first and second RMS servers as a target RMS server. The document is protected by the target RMS server, and also added to a protected document database on the hybrid RMS server.

BACKGROUND OF THE INVENTION

Field of the Invention

This invention relates to digital rights management (DRM) for digital documents, and in particular, it relates to a hybrid DRM system that combines different types of digital rights management systems, and document access authorization and document protection methods implemented in such a system.

Description of Related Art

Documents traditionally available only in hard copies are increasingly also available in digital copies. In fact many documents nowadays are prepared, generated, stored, distributed, accessed, read or otherwise used electronically in digital file formats such as the Portable Document Format (PDF), Word, PowerPoint, Excel, etc. With the wide use of digital documents and digital document processing, digital rights management systems (“DRM” or “RMS”) are increasingly implemented to control user access and prevent unauthorized use of digital documents. The rights involved in using a digital document may include the right to view (or “read”) the digital document, the right to edit (or “write”) the digital document, the right to print the digital document in hard copies, the right to copy the digital document, etc. A user may access a digital document by acquiring (or being assigned) one or more of these rights.

DRM systems are generally implemented for managing users' rights to the digital documents stored in the systems. In a current DRM system, each digital document is associated with a rights management policy (or simply referred to as policy in this disclosure) that specifies which user has what rights to the document, as well as other parameters relating to access rights. Many such policies are stored in a DRM server (also called RMS server). The server stores a database table that associates each document (e.g. by a unique ID, referred to as document ID or license ID) with a policy (e.g. by policy ID). Each digital document may also have metadata that contains the document ID. When a user attempts to access a document (either a document residing on a server or a document that has been downloaded or copied to the user's computer) using an application program such as Adobe™ Reader, the application program contacts the DRM server to request permission. The DRM server determines whether the requesting user has the right to access the document in the attempted manner (view, edit, print, etc.), by determining the policy associated with the document and then referring to the content of that policy. The DRM server then transmits an appropriate reply to the application program to grant or deny the access. If access is granted, the server's reply may contain a decryption key to decrypt the document.

Two existing types of DRM systems are Adobe™ LiveCycle™ and Microsoft™ Active Directory™ Rights Management. Adobe LiveCycle supports a broader range of devices and operating systems which can utilize DRM protected PDF documents compared to other vendors. Microsoft Active Directory supports a broader range of devices and operating systems which can utilize DRM protected Microsoft Office (Word, PowerPoint and Excel) documents compared to other vendors.

SUMMARY

The present invention is directed to a hybrid DRM system and related methods that can support both Adobe LiveCycle and Microsoft Active Directory types of DRM systems.

An object of the present invention is to provide a hybrid DRM system with shared infrastructure such as user database, policy database and document storage so that it can be seamlessly shared and utilized by multiple different types of DRM systems such as Adobe LiveCycle and Microsoft Active Directory.

Another object of the present invention is to provide a hybrid DRM system that delivers a transparent user experience so that the end user will feel that he is working with one DRM system, although the user requests may actually be processed by multiple different DRM systems such as Adobe LiveCycle and Microsoft Active Directory.

Additional features and advantages of the invention will be set forth in the descriptions that follow and in part will be apparent from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.

To achieve these and/or other objects, as embodied and broadly described, the present invention provides a digital rights management method implemented in a hybrid digital rights management server (hybrid RMS server), the hybrid RMS server being connected to a first digital rights management server (first RMS server), a second digital rights management server (second RMS server), and a client computer, the method including: (a) receiving a document protection request from the client computer, the document protection request including a requested document, a filename of the requested document, and a policy ID of a requested DRM policy; (b) retrieving a filename extension from the filename, and based on the filename extension, identifying at least one of the first and second RMS servers as a target RMS server; (c) obtaining full policy information about the requested DRM policy including which users have what access rights to a document under the DRM policy; (d) determining whether the target RMS has a remote DRM policy that corresponds to the requested DRM policy; (e) if the target RMS has a remote DRM policy that corresponds to the requested DRM policy, obtaining a remote policy ID for the remote DRM policy of the target RMS server, and if the target RMS has no remote DRM policy that corresponds to the requested DRM policy, generating a remote DRM policy for the target RMS server from the full policy information of the requested DRM policy using a policy schema of the target RMS server; (f) accessing the target RMS server and transmitting a remote document protection request including the requested document and either the obtained remote policy ID or the generated remote DRM policy; and (g) storing the requested document ID in association with the full information of the requested DRM policy.

Preferably, the hybrid RMS server stores an RMS server information table, each entry of the RMS server information table identifying one of the first and second RMS servers and containing a server ID of that RMS server, a policy schema of that RMS server which defines format of digital rights management (DRM) policies used by that RMS server, endpoint information for accessing that RMS server, and one or more filename extensions for documents supported by that RMS server. The hybrid RMS server further stores a policy table which contains full policy information for each of a plurality of DRM policies of the hybrid RMS server. The hybrid RMS server further stores a policy mapping table which contains, for each of at least some of the DRM policies of the hybrid RMS server, a corresponding remote DRM policy ID of a DRM policy maintained by one of the first and second RMS servers and an ID of the RMS server that maintains the remote DRM policy. The hybrid RMS server further stores a document authorization table which contains a plurality of document IDs and a DRM policy associated with each document ID including full policy information regarding which users have what access rights to a document represented by the document ID. These tables are used in performing the various steps of the digital rights management method.

The hybrid RMS server may further stores a user table, each entry of the user table containing a user ID and a RMS server ID of a corresponding RMS server on which the user ID is registered, and the method may further include: receiving a user logon request from the client computer, the user logon request containing a user ID; querying the user table using user ID to determine the corresponding RMS server on which the user is registered; and redirect the logon request to the corresponding RMS server.

In another aspect, the present invention provides a computer program product comprising a computer usable non-transitory medium (e.g. memory or storage device) having a computer readable program code embedded therein for controlling a data processing apparatus, the computer readable program code configured to cause the data processing apparatus to execute the above method.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 schematically illustrates a DRM system that includes a hybrid RMS server which cooperates with multiple different types of DRM systems according to an embodiment of the present invention.

FIG. 2A schematically illustrates a document access authorization method implemented in the hybrid RMS server in the embodiment of FIG. 1.

FIG. 2B schematically illustrates an alternative document access authorization method implemented in the hybrid RMS server in the embodiment of FIG. 1.

FIG. 3 schematically illustrates a document authentication table stored in a DRM database in the hybrid RMS server of the embodiment of FIG. 1 and used in the method of FIGS. 2A and 2B.

FIG. 4 schematically illustrates a document protection method implemented in the hybrid RMS server in the embodiment of FIG. 1.

FIG. 5 schematically illustrates an RMS server table stored in a DRM database in the hybrid RMS server of the embodiment of FIG. 1 and used in the method of FIG. 4.

FIG. 6 schematically illustrates a policy table stored in a DRM database in the hybrid RMS server of the embodiment of FIG. 1 and used in the method of FIG. 4.

FIG. 7 schematically illustrates a policy mapping table stored in a DRM database in the hybrid RMS server of the embodiment of FIG. 1 and used in the method of FIG. 4.

FIG. 8 schematically illustrates a user authentication method implemented in the hybrid RMS server in the embodiment of FIG. 1.

FIG. 9 schematically illustrates a domain authentication provider table stored in a DRM database in the hybrid RMS server of the embodiment of FIG. 1 and used in the method of FIG. 8.

FIG. 10 schematically illustrates a shallow user table stored in a DRM database in the hybrid RMS server of the embodiment of FIG. 1 and used in the method of FIG. 8.

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS

The description herein of the structures, functions, interfaces and other relevant features, such as digital rights policies, application programming interface (API) for rights management and policies, etc., of existing DRM systems may at times incorporates, references or otherwise uses certain information, documents and materials from publicly and readily available and accessible public information, e.g., “Rights Management” (URL http://help.adobe.com/en_US/livecycle/10.0/Overview/WS92d06802c76abadb2c8525912ddcb9aad9-7ff8.html), “Programmatically applying policies (a subsection of ‘Rights Management’)”, (URL http://help.adobe.com/en_US/livecycle/10.0/Overview/WSb96e41f8a4ca47a9-4882aeb5131190eddba-8000.html), “LiveCycle® ES Java™ API Reference” (URL http://livedocs.adobe.com/livecycle/es/sdkHelp/programmer/javadoc/index.html), etc. Another example of digital rights management system is Microsoft Active Directory Rights Management; some documentations for this system are available on line at: http://technet.microsoft.com/en-us/windowsserver/dd448$611.aspx, http://msdn.microsoft.com/library/cc530389(VS.85).aspx, and http://msdn.microsoft.com/en-us/library/cc542552(v=vs.85).aspx.

As mentioned earlier, Adobe LiveCycle supports a broader range of devices and operating systems which can utilize DRM protected PDF documents compared to other vendors. Microsoft Active Directory RMS supports a broader range of devices and operating systems which can utilize DRM protected Microsoft Office (Word, PowerPoint and Excel) documents compared to other vendors. Embodiments of the present invention provide a hybrid DRM system which supports all the devices and operating systems supported by multiple different types of DRM systems such as Adobe LiveCycle and Microsoft Active Directory. The system allows end users to log in to the hybrid DRM system, without having to log in to Adobe LiveCycle and Microsoft Active Directory separately, allowing for a seamless user experience. To accomplish this, mechanisms are provided to ensure that necessary information and resources, such as user information, DRM policy information and document storage infrastructure, can be shared across these multiple different DRM systems despite the fact that different existing DRM systems have their own ways and formats of storing the user, policy and storage information.

FIG. 1 schematically illustrates a hybrid DRM system according to various embodiments of the present invention. As shown in FIG. 1, the system includes a first RMS server 10, a second RMS server 20, a hybrid RMS server 30, and a client computer 40 connected to each other. The communication among the various components may be via a network such as the Internet. The first and second RMS servers 10 and 20 implement different types of DRM systems, such as Adobe LiveCycle (“LC”) and Microsoft Active Directory (“AD”) systems. The first and second RMS servers 10 and 20 maintain respective DRM databases 11 and 21 used by these RMS servers, such as LiveCycle DRM database 11 and Microsoft DRM database 21. The hybrid RMS server 30 maintains a DRM database 31 which will be described in more detail later.

The client computer 40 has a first client application 41 and a second client application 42 that interact with the first and second RMS server 10 and 20, respectively. For example, the first client application 41 may be Adobe Acrobat, and the second client application 42 may be Microsoft Word, PowerPoint, Excel, etc. The first and second client applications 41, 42 respectively cooperate with the first and second RMS servers 10, 20 to perform digital rights management in conventional ways. For example, take Adobe Acrobat as an example of the first client application 41, when the user of the client computer 10 uses the first client application to attempt to access a PDF document, the first client application transmits an authorization request the first RMS server 10 and request permission to access the PDF document. With the information provided by the first client application 41 with the authorization request, such as a user ID of the user, a document ID of the document being accessed, etc., the first RMS server 10 determines whether the requested access should be granted, and transmits an authorization response to the first client application 41, so that the first client application 41 can act accordingly to allow or deny the user access to the PDF document. The first client application 41 (e.g. Adobe Acrobat) is pre-configured to contact the first RMS server 10 (e.g. an Adobe LC server) to perform digital rights management.

The operation of Microsoft Office applications (e.g. second client application 42) is similar; here the documents the user attempts to access is a Microsoft Office document and the second client application is pre-configured to contact the second RMS server 20 (e.g. a Microsoft AD RMS server) to perform digital rights management.

Each of the Adobe LiveCycle and Microsoft Active Directory RMS systems defines its own document protection schemes. In certain circumstances the document protection schemes provided by these commercially available systems may be inflexible or insufficient to meet certain practical needs. For example, as described in commonly owned U.S. Pat. Appl. Pub. No. 2014/0282842 (“the '842 application”), in existing commercially available DRM systems which associates one rights management policy with each document being protected by the system, it is not possible to revoke the access permission granted to a particular user for a particular document without affecting that user's access rights to other documents associated with the same policy. Also, if multiple documents are associated with the same policy, and if a particular user is granted access rights under that policy, the user will have access to all of the multiple documents associated with that policy, and the DRM system cannot specifically grant that user access to some but not all of such multiple documents. The '842 application describes a method which effectively provides additional control of user access rights to documents, to allow the DRM system to more flexibly handle these types of situations as well as other situations. The type of access control accomplished by the method described in the '842 application, referred to as a “user-centric” scheme, is accomplished via a user-centric adaptor (“UCA”) program module on the RMS server that cooperate with existing program modules of the commercially available DRM system.

The provision of additional access control is referred to as “policy extension” in this disclosure, i.e., it extends the rights management policy scheme provided by the existing commercially available DRM systems. The '842 application provides such policy extension for the Adobe LiveCycle system by taking advantage of the fact that LiveCycle allows for third party program modules (referred to as adaptor modules) to cooperate with LiveCycle's own program. However, currently Microsoft Active Directory RMS provides no mechanism for third party programs to cooperate with it to achieve policy extension. Thus, according to a first embodiment of the present invention, the client computer 40 is provided with a plug-in module 43 which cooperates with the hybrid RMS server 30 to accomplish policy extension for documents managed by the Microsoft Active Directory system.

According to the first embodiment of the present invention, the hybrid RMS server 30 provides policy extension and user-centric document access management for the Microsoft Office applications (the second client application 42) on the client 40. FIG. 2A schematically illustrates a document access authorization method according to this embodiment, which determines the user's access rights with respect to a particular document. In this process, the hybrid RMS server 30 acts as a third party authorization provider. Here, “third party” refers to a party other than the user and the Microsoft Active Directory server 20. The Microsoft Office application 42 will perform the conventional authorization process in cooperation with the Microsoft Active Directory server 20 (including obtaining a decryption key for decrypting the document), indicated at step S21 in FIG. 2A, which is not described in detail here; the authorization process described here (steps S22-S25) is in addition to the conventional authorization process.

As shown in FIG. 2A, the plug-in 43 cooperates with the Microsoft Office application 42 such that, when the user attempts to open a document using the Microsoft Office application, the plug-in transmits an authorization request to the hybrid RMS server 30 (step S22). The authorization request contains information such as a document ID of the document requested to be accessed, a user ID of the user requesting such access, etc. The document ID is a unique ID for each protected document of the hybrid DRM system. The hybrid RMS server 30 extracts information from the received authorization request, such as the document ID and the user ID (step S23), determines whether the user has access to the document by querying the DRM database 31 (step S24), and transmits a response to the plug-in 43 (step S25).

More specifically, the DRM database 31 contains policy extension and user-centric access control information, in the form of a document authorization table 32, an example of which is show in FIG. 3. Each entry of the document authorization table 32 contains a document ID (“DocumentId”), a policy associated with the document ID (“Policy”), and a status (“Status”). Each policy in the “policy” column is a binary representation of specific access permissions, i.e., which users have what kind of access permissions. The policy may be in the JSON or XML format, or other suitable formats. The document authorization table 32 associates each document ID with a policy. Note that the policies in the document authorization table 32 stored in the DRM database 31 of the hybrid RMS server 30 are not required to be the same as the policies maintained by the individual RMS servers 10 and 20 and are not subject to any constraints of such RMS systems. For example, as described above, in conventional DRM systems such as Adobe LiveCycle and Microsoft Active Directory, the number of policies is typically much smaller than the number of documents protected by the system, and many documents typically share the same policy, so when a policy is modified the access rights to all documents associated with that policy are affected. In the embodiment of the present invention, the policy for each document in the document authorization table 32 may be individually modified without affecting the access rights to any other document.

In response to the authorization request from the plug-in 43, the hybrid RMS server 30 first queries the document authorization table 32 using the document ID (DocumentId) contained in the authorization request to find the policy. Then, based on the content of the retrieved policy, the RMS server 30 determines if the user (represented by the user ID) is allowed to access the document. The status column in the document authorization table 32 shown in FIG. 3 sets a status which can be True or False. This status field can enable or disable access to the corresponding document entirely; for example, a user request to access a document will be denied, without even evaluating the corresponding policy, if the corresponding status is False.

This accomplishes step S24, i.e., to determine whether the user has access right to the requested document.

Using the document authorization table 32 enables the hybrid RMS server 30 to determine the result for each authorization request internally, i.e., without referring to the Microsoft Active Directory server 20.

As mentioned earlier, the Microsoft Office application 42 performs the conventional authorization process in cooperation with the Microsoft Active Directory server 20 (step S21); the authorization process in steps S22-S25 performed by the plug-in 43 and the hybrid RMS server 30, referred to as the extended authorization process, is in addition to this conventional authorization process. Note here that the decryption key necessary to decrypt the document is managed by the second RMS server 20 and sent to the application 42 from the second RMS server in step S21 if the second RMS server grants the access; the hybrid RMS server 30 does not need to manage the decryption key, and the authorization response transmitted form the hybrid RMS server 30 to the plug-in 43 does not include a decryption key. The plug-in 43 passes the result of the extended authorization process to the second application 42 (step S26), and the second application grants or denies the user's access to the document based on both authorization responses (steps S27, S28 and S29). If either of the authorization processes returns an access denied response (“No” in step S27), the user's access to the document will be denied. Optionally, a message for “access denied” may be displayed to the user when access is denied.

An alternative process flow for the document access authorization method is shown in FIG. 2B. Step S21 of FIG. 2B is identical to that in FIG. 2A. Then, based on the authorization response from the second RMS server (step S27A), the second application either denies the user access to the document (“No” in step S27A, step S29), or grants the user access and opens the document (“Yes” in step S27A, step S28A). Then, the plug-in performs document access authorization with the hybrid RMS server which includes steps S22 to S25 shown in FIG. 2A. The plug-in then determines whether the hybrid RMS server granted user access to the document (FIG. 27B). If it has not (“No” in step S27B), the plug-in denies user access to the document by closing the document that was opened in step S28A (step S30); otherwise, the plug-in does not perform any additional steps and therefore the document will remain open. In steps S29 and S30, a message for “access denied” may be optionally displayed to the user when access is denied. This alternative process flow achieves the same results as the process flow in FIG. 2A. Again, note here that the hybrid RMS server 30 does not need to manage the decryption key and the authorization response transmitted form the hybrid RMS server 30 to the plug-in 43 does not include a decryption key.

As mentioned earlier, currently Microsoft Active Directory RMS provides no mechanism for third party programs to cooperate with it to achieve policy extension; therefore, in the first embodiment of the present invention, the plug-in 43 on the client computer 40 is used to interact with the hybrid RMS server 30 as well as the Microsoft office application 42 to perform the extended authorization process.

In addition to the authorization process performed with the plug-in 43, the hybrid RMS server 30 also performs an extended authorization process for the first application 41 (e.g. Adobe Acrobat) to accomplish policy extension and user-centric document access control with respect to the first RMS server 10 (e.g. Adobe LiveCycle) in the manner described in the above-mentioned '842 application. The document authorization table 32 (FIG. 3) is used for the extended authorization process for both the first and second RMS servers 10 and 20. Thus, the hybrid DRM system can accomplish policy extension and user-centric document access control for all types of documents and operating system supported by both the first and second RMS servers 10 and 20.

In a second embodiment of the present invention, the hybrid DRM system provides a method for applying protection to digital documents (i.e. adding protected documents to the DRM system) such that, even though the document protection is actually performed by different RMS servers such as the first and second RMS servers 10 and 20, the hybrid RMS server 30 allows the user to interact with the hybrid RMS server regardless of the types of the document being protected or the operating system involved. This provides a unified user experience for document protection for all types of documents and all operating system supported by both the first and the second RMS servers 10 and 20. The document protection method according to the second embodiment can be implemented in the hybrid DRM system shown in FIG. 1; here the hybrid RMS server 30 acts as a document protection service.

The DRM database 31 on the hybrid RMS server 30 contains an RMS server information table 33, an example of which is shown in FIG. 5, which lists the different types of RMS servers supported in the hybrid DRM system. Each entry of the RMS server information table 33 is for an RMS server supported in the hybrid system, such as RMS servers 10 or 20, and includes the following information: (1) an RMS server ID (“RMSRefId”), which is a unique ID in the hybrid DRM system; (2) a policy schema (“PolicySchema”) of this RMS server, which defines the format of the DRM policies used by the RMS server; (3) endpoint information (“Binding”) for this RMS server, such as the server address (e.g. an URL or IP address), the administrative user's username and password, etc., which is necessary to access the server; (4) a set of filename extensions for documents supported by this RMS server (“SupportedFiles”); and (5) a status (“Status”), which may be set to True or False.

The DRM database 31 on the hybrid RMS server 30 also contains a policy table 34, an example of which is shown in FIG. 6, which stores full policy information for each policy supported by the hybrid RMS server 30. Each entry of the policy table 34 corresponds to a policy, identified by a policy ID (“PolicyRefId”), and contains a binary representation of full information about the policy (“Policy”)—i.e., which users have what type of access rights under this policy. The policy table also contains a status for each policy (“Status”). The full policy information is in a binary format internally recognized by the hybrid RMS server 30, and can be used to generate DRM policies of other formats recognized by the first or second RMS servers 10 and 20, as will be described later.

In addition, the DRM database 31 on the hybrid RMS server 30 contains a policy mapping table 35, an example of which is shown in FIG. 7, which maps DRM policies across different RMS servers 10, 20 and 30. As mentioned earlier, the first and second RMS servers 10, 20 have their own DRM policies stored in the DRM databases 11, 21 respectively. The policy mapping table 35 maps the policies it maintains (e.g. see FIG. 6) to policies on the first or second RMS servers 10 and 20. As shown in FIG. 7, each mapping is identified by an ID (“Id”), and maps one policy of the hybrid RMS server 30 (“PolicyRefId”) to one policy (“RemotePolicyRefId”) on one other RMS server (“RMSRefId”). For example, in the first row in FIG. 7, the policy ID P0 on the hybrid RMS server 30 is mapped to policy ID A0 on the RMS server R0 (e.g. server 10), and in the third row, the same policy ID P0 on the hybrid RMS server 30 is mapped to policy ID M0 on the RMS server R1 (e.g. server 20). The identifier (“Id”) in the policy mapping table 35 is an internal ID that identifies each mapping. Note that some policies on the hybrid RMS server 30 may not map to any policy on another RMS server. The policies on different RMS servers that are mapped to one another have identical policy content, i.e., identical in their definitions of which users have what types of access rights under that policy, although they will typically have different formats.

FIG. 4 schematically illustrates a method implemented on the hybrid RMS server 30 for adding protected documents to the hybrid DRM system. To protect a document, the client application, which may be either the first application 41 or the second application 42, calls the hybrid RMS server 30 (the document protection service). The client application 41 or 42 has been configured (e.g. when the applications were installed) to call the hybrid RMS server 30 instead of the first or second RMS server 10 or 20. The client application 41 or 42 transmits a document protection request to the hybrid RMS server 30, which includes the document to be protected (referred to as the requested document), the filename of the document, and a reference of a DRM policy (e.g. a policy ID) to be used to protect the document (referred to as the requested policy ID). Note that the policy ID is the policy ID defined on the hybrid RMS server 30, not the policy ID used by the individual RMS servers 10 or 20.

Upon receiving the document protection request (step S41), the hybrid RMS server 30 retrieves the filename extension from the input filename, e.g. .pdf for Adobe PDF document, .doc for Microsoft Word document, etc., and using the filename extension, queries the RMS server information table 33 (FIG. 5) to find at least one RMS server that supports the input filename extension (referred to as the target RMS server) (step S42). The hybrid RMS 30 also queries the policy table 34, using the requested policy ID, to obtain full information about that policy (step S43).

Then, using the requested policy ID and the target RMS server found in step S42, the hybrid RMS server 30 queries the policy mapping table 35 to determine whether the target RMS has a policy (referred to as a remote policy) that maps to the requested policy ID (step S44). If such a remote policy is found in the policy mapping table 35 (“Yes” in step S44A), the corresponding remote policy ID (“RemotePolicyRefId”) for the target RMS server is obtained from the table (step S45).

If, on the other hand, there is no remote policy on the target RMS server that maps to the requested policy ID (“No” in step S43A), the hybrid RMS server 30 creates a remote policy for the target RMS server from the full information about the policy obtained in step S43, using the policy schema of that RMS server (step S46). Note that because the policy schema defined by each target RMS server has its own requirements of what types of policy terms can be accommodated in its policies, it is often the case that not all parts of the full policy information in the policy of the hybrid server will be used to create the policies for the target RMS. The parts of the full policy information that is not included in the created policy for the target RMS server correspond to the policy extension referred to above.

The hybrid RMS server 30 then queries the RMS server information table 33 using the target RMS server ID (“RMSRefId”) to obtains the endpoint information (“Binding”) for the target RMS server (step S47). The hybrid RMS server 30 then accesses the target RMS server 10 or 20 using the endpoint information, and transmits a document protection request to the target RMS server (step S48). The document protection request includes the requested document, a document ID for the document, and either the remote policy ID on the target RMS server obtained in step S45 or the policy created in step S46. The document ID is generated by the hybrid RMS server, which ensures that the document IDs for documents protected by the hybrid DRM system are globally unique regardless of which target RMS server processes each document.

In response to the document protection request, the target RMS server 10 or 20 protects the document using its existing document protection process. This may include, by the target RMS server, encrypting the document, storing the encryption key, associating the document with the policy, etc. Note that if a corresponding remote policy was not found in step S44 and the hybrid RMS server 30 created a policy in step S46 and transmitted it to the target RMS server 10 or 20 in step S48, the target RMS server assigns a policy ID to that policy and stores it in its own DRM database 11 or 21, and associates it with the document being protected. The target RMS server also returns the policy ID assigned by the target RMS server (the remote policy ID), and the hybrid RMS server 30 stores the remote policy ID in the policy mapping table 35 by mapping it to the policy that was used to create that remote policy in steps S46 (step S49).

The hybrid RMS server 30 also adds the document to be protected to its document authorization table 32, which associates the document ID with full policy information of the requested policy used to protect it (step S50). Note that his step can be performed at any point after the full policy information is obtained (i.e. step S43).

Note here that because the encryption keys for encrypting the documents are stored and managed by the target RMS server 10 or 20, the hybrid RMS server 30 does not need to store or manage the encryption keys.

It can be seen that the second embodiment of the present invention provides document protection using a single RMS server (the hybrid RMS server 30), so there is no need for the user to remember which server to connect to for which document type. This method is made possible by using policy conversion to convert DRM policies to different schemas required by different RMS servers. Under conventional systems, a user has to connect to different individual RMS servers to protect different types of documents such as PDF and Microsoft Word documents.

In a third embodiment of the present invention, the hybrid DRM system provides a method for authenticating users onto the RMS system so that the user only needs to login to a single RMS server, namely the hybrid RMS server 30, to perform all DRM functions even though some of these functions are handled by the individual RMS servers such as the first and second RMS servers 10 and 20. The user authentication method according to the third embodiment can be implemented in the hybrid RMS system shown in FIG. 1; here the hybrid RMS server 30 acts as a unified authentication provider.

The DRM database 31 on the hybrid RMS server 30 stores a domain authentication provider table 36, an example of which is shown in FIG. 9, which lists the RMS servers (domain authentication providers) that are registered with the hybrid RMS system. Each entry of the domain authentication provider table 36 contains an ID of the RMS server (“DomainId”), the type of the RMS server such as Adobe LiveCycle or Microsoft Azure RMS (“Name”), and the endpoint information of the RMS server (“Binding”). As mentioned earlier, endpoint information (binding) is a binary representation of information regarding the RMS server, including the server address (e.g. an URL or IP address), the administrative user's username and password, etc., which is necessary to access the server. Note here that the RMS server ID (“DomainId”) in the domain authentication provider table 36 may be the same as the RMS server ID (“RMSRefId”) in the RMS server table 33 and the policy mapping table 35, if the same RMS server (e.g. RMS server 10 or 20) acts both as the document protection service and as the domain authentication provider; or they may be different if different servers provide these two services.

The DRM database 31 also stores a shallow user table 37, an example of which is shown in FIG. 10. The user table is “shallow” in that it does not contain sensitive information such as the user's password or its hash. Each entry of the user table 37 is identified by an internal ID (“Id”), and stores a user ID (“UserId”) which includes a domain name part, the ID of the RMS server on which the user is registered (“DomainId”), and a status (“Status”) which indicates whether the user is allowed to authenticate through the hybrid DRM system. The RMS server ID (“DomainId”) in this table is the same parameter as the RMS server ID in the domain authentication provider table 36. The entries of the shallow user table 37 are created when individual RMS servers (e.g. servers 10, 20) are registered as a part of the hybrid DRM system, where the user IDs—for users who have previously registered with the respective individual RMS servers—are provided by the individual RMS servers and collected by the hybrid RMS server 30 into the shallow user table 37. Note that a part of the user ID, e.g. the @xxx.com and @yyy.com parts in the examples shown in FIG. 10, is an indication of the individual RMS server which the user is originally registered with.

FIG. 8 illustrates a method implemented on the hybrid RMS server 30 for authenticating a user to the hybrid DRM system. Upon receiving a user logon request from the client computer 40 containing a user ID of the requesting user (the requested user ID) (step S81), the hybrid RMS server 30 queries the shallow user table 37 using the user ID (step S82). If the user table contains the requested user ID and the corresponding status for that user indicates that the user is allowed to authenticate through the hybrid DRM system (“Yes” in step S82A), the hybrid RMS server 30 retrieves the ID of the target RMS server ID (“DomainId”) from the user table (step S83). Then, using the target RMS server ID (“DomainId”), the hybrid RMS server 30 retrieves the endpoint information (“Binding”) for the target RMS server from the domain authentication provider table 36 (step S84). Using the endpoint information, the hybrid RMS server 30 accesses the target RMS server and redirects the user's logon request to that server (step S85). In step S82A, if the user ID is not found in the shallow user table 37 or if the corresponding status is “False” indicating that the user is not allowed to authenticate through the hybrid DRM system (“No” in step S82A), the user's logon request is denied without redirection (step S86). This way, the user's request can be denied even if the individual authentication provider might have authenticated this user. This allows for more flexible control of user authentication.

It should be noted that in the three embodiments, namely document access authorization (FIG. 2), document protection (FIG. 4), and user authentication (FIG. 8), the hybrid RMS server 30 that performs these processes may be the same physical server (as depicted in FIG. 1), or they may be different servers performing the respective functions. If they are different servers, they may share the same hybrid DRM database 31 or maintain duplicate DRM databases.

It can be seen that in the hybrid DRM system described above, the same policy information used for protecting different types of documents like PDF, Word, PowerPoint, Excel, the same user information is used for protecting different documents, and the same storage infrastructure is used for storing all documents. Once user logs in the system, it will be transparent to him and he will feel that he is working with one RMS system, though in the background we will be processing the requests using multiple RMS systems.

It will be apparent to those skilled in the art that various modification and variations can be made in the digital rights management method and related apparatus of the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention cover modifications and variations that come within the scope of the appended claims and their equivalents. 

What is claimed is:
 1. A digital rights management method implemented in a hybrid digital rights management server (hybrid RMS server), the hybrid RMS server being connected to a first digital rights management server (first RMS server), a second digital rights management server (second RMS server), and a client computer, the method comprising: (a) receiving a document protection request from the client computer, the document protection request including a requested document, a filename of the requested document, and a policy ID of a requested DRM policy; (b) retrieving a filename extension from the filename, and based on the filename extension, identifying at least one of the first and second RMS servers as a target RMS server; (c) obtaining full policy information about the requested DRM policy including which users have what access rights to a document under the DRM policy; (d) determining whether the target RMS has a remote DRM policy that corresponds to the requested DRM policy; (e) if the target RMS has a remote DRM policy that corresponds to the requested DRM policy, obtaining a remote policy ID for the remote DRM policy of the target RMS server, and if the target RMS has no remote DRM policy that corresponds to the requested DRM policy, generating a remote DRM policy for the target RMS server from the full policy information of the requested DRM policy using a policy schema of the target RMS server; (f) accessing the target RMS server and transmitting a remote document protection request including the requested document and either the obtained remote policy ID or the generated remote DRM policy; and (g) storing the requested document ID in association with the full information of the requested DRM policy.
 2. The method of claim 1, wherein the hybrid RMS server stores an RMS server information table, each entry of the RMS server information table identifying one of the first and second RMS servers and containing a server ID of that RMS server, a policy schema of that RMS server which defines format of digital rights management (DRM) policies used by that RMS server, endpoint information for accessing that RMS server, and one or more filename extensions for documents supported by that RMS server, and wherein step (b) includes querying the RMS server information table using the filename extension to identify the target RMS server.
 3. The method of claim 2, wherein the hybrid RMS server further stores a policy table which contains full policy information for each of a plurality of DRM policies of the hybrid RMS server, and wherein step (c) includes querying the policy table using the requested policy ID to obtain the full information about the requested DRM policy.
 4. The method of claim 3, wherein the hybrid RMS server further stores a policy mapping table which contains, for each of at least some of the DRM policies of the hybrid RMS server, a corresponding remote DRM policy ID of a DRM policy maintained by one of the first and second RMS servers and an ID of the RMS server that maintains the remote DRM policy, and wherein step (d) includes using the requested policy ID and an ID of the target RMS server, querying the policy mapping table to determine whether the target RMS has a remote DRM policy that corresponds to the requested DRM policy.
 5. The method of claim 4, wherein in step (e), the remote policy ID for the remote DRM policy of the target RMS server is obtained from the policy mapping table, and the policy schema of the target RMS server is obtained from the RMS server information table.
 6. The method of claim 5, wherein step (f) includes querying the RMS server information table using the target RMS server ID to obtain the endpoint information for the target RMS server, and accessing the target RMS server using the endpoint information.
 7. The method of claim 6, wherein the hybrid RMS server further stores a document authorization table which contains a plurality of document IDs and a DRM policy associated with each document ID including full policy information regarding which users have what access rights to a document represented by the document ID, and wherein step (g) includes storing the requested document ID in association with the full policy information of the requested DRM policy in the document authorization table.
 8. The method of claim 1, wherein the hybrid RMS server further stores a user table, each entry of the user table containing a user ID and a RMS server ID of a corresponding RMS server on which the user ID is registered, the method further comprising: receiving a user logon request from the client computer, the user logon request containing a user ID; querying the user table using user ID to determine the corresponding RMS server on which the user is registered; and redirect the logon request to the corresponding RMS server.
 9. The method of claim 8, wherein the user table further containing a status which indicates whether the user ID is allowed to authenticate through the hybrid RMS server, the method further comprising: if the status indicates that the user ID is not allowed to authenticate through the hybrid RMS server, denying the user logon request.
 10. A computer program product comprising a computer usable non-transitory medium having a computer readable program code embedded therein for controlling a hybrid digital rights management server (hybrid RMS server), the hybrid RMS server being connected to a first digital rights management server (first RMS server), a second digital rights management server (second RMS server), and a client computer, the computer readable program code configured to cause the hybrid RMS server to execute a digital rights management process, the process comprising: (a) receiving a document protection request from the client computer, the document protection request including a requested document, a filename of the requested document, and a policy ID of a requested DRM policy; (b) retrieving a filename extension from the filename, and based on the filename extension, identifying at least one of the first and second RMS servers as a target RMS server; (c) obtaining full policy information about the requested DRM policy including which users have what access rights to a document under the DRM policy; (d) determining whether the target RMS has a remote DRM policy that corresponds to the requested DRM policy; (e) if the target RMS has a remote DRM policy that corresponds to the requested DRM policy, obtaining a remote policy ID for the remote DRM policy of the target RMS server, and if the target RMS has no remote DRM policy that corresponds to the requested DRM policy, generating a remote DRM policy for the target RMS server from the full policy information of the requested DRM policy using a policy schema of the target RMS server; (f) accessing the target RMS server and transmitting a remote document protection request including the requested document and either the obtained remote policy ID or the generated remote DRM policy; and (g) storing the requested document ID in association with the full information of the requested DRM policy.
 11. The computer program product of claim 10, wherein the hybrid RMS server stores an RMS server information table, each entry of the RMS server information table identifying one of the first and second RMS servers and containing a server ID of that RMS server, a policy schema of that RMS server which defines format of digital rights management (DRM) policies used by that RMS server, endpoint information for accessing that RMS server, and one or more filename extensions for documents supported by that RMS server, and wherein step (b) includes querying the RMS server information table using the filename extension to identify the target RMS server.
 12. The computer program product of claim 11, wherein the hybrid RMS server further stores a policy table which contains full policy information for each of a plurality of DRM policies of the hybrid RMS server, and wherein step (c) includes querying the policy table using the requested policy ID to obtain the full information about the requested DRM policy.
 13. The computer program product of claim 12, wherein the hybrid RMS server further stores a policy mapping table which contains, for each of at least some of the DRM policies of the hybrid RMS server, a corresponding remote DRM policy ID of a DRM policy maintained by one of the first and second RMS servers and an ID of the RMS server that maintains the remote DRM policy, and wherein step (d) includes using the requested policy ID and an ID of the target RMS server, querying the policy mapping table to determine whether the target RMS has a remote DRM policy that corresponds to the requested DRM policy.
 14. The computer program product of claim 13, wherein in step (e), the remote policy ID for the remote DRM policy of the target RMS server is obtained from the policy mapping table, and the policy schema of the target RMS server is obtained from the RMS server information table.
 15. The computer program product of claim 14, wherein step (f) includes querying the RMS server information table using the target RMS server ID to obtain the endpoint information for the target RMS server, and accessing the target RMS server using the endpoint information.
 16. The computer program product of claim 15, wherein the hybrid RMS server further stores a document authorization table which contains a plurality of document IDs and a DRM policy associated with each document ID including full policy information regarding which users have what access rights to a document represented by the document ID, and wherein step (g) includes storing the requested document ID in association with the full policy information of the requested DRM policy in the document authorization table.
 17. The computer program product of claim 10, wherein the hybrid RMS server further stores a user table, each entry of the user table containing a user ID and a RMS server ID of a corresponding RMS server on which the user ID is registered, wherein the process further comprises: receiving a user logon request from the client computer, the user logon request containing a user ID; querying the user table using user ID to determine the corresponding RMS server on which the user is registered; and redirect the logon request to the corresponding RMS server.
 18. The computer program product of claim 17, wherein the user table further containing a status which indicates whether the user ID is allowed to authenticate through the hybrid RMS server, wherein the process further comprises: if the status indicates that the user ID is not allowed to authenticate through the hybrid RMS server, denying the user logon request. 